From 7e005f58ab813a70d2cee87f642cf744cbc9d604 Mon Sep 17 00:00:00 2001
From: Kjeld Schouten-Lebbing
Date: Fri, 23 Dec 2022 17:16:09 +0100
Subject: [PATCH] feat(docs): re-enable container security scanning
---
 .github/workflows/secgen.yaml | 21 +++++++++++++++------
 1 file changed, 15 insertions(+), 6 deletions(-)
diff --git a/.github/workflows/secgen.yaml b/.github/workflows/secgen.yaml
index 6da718d66b4..6d97dcff09f 100644
--- a/.github/workflows/secgen.yaml
+++ b/.github/workflows/secgen.yaml
@@ -52,6 +52,14 @@ jobs:
 shell: bash
 run: |
 #!/bin/bash
+ render(){
+ local chart="$1"
+ local chartname="$2"
+ local train="$3"
+ echo "Rendering helm-template for ${chartname}"
+ mkdir -p ${chart}/render
+ helm template ${chart} --output-dir ${chart}/render || echo "Helm template failed..."
+ }
 helm_sec_scan() {
 local chart="$1"
 local chartname="$2"
@@ -65,15 +73,14 @@ jobs:
 echo "" >> website/docs/charts/${train}/${chartname}/helm-security.md
 echo "##### Scan Results" >> website/docs/charts/${train}/${chartname}/helm-security.md
 echo "" >> website/docs/charts/${train}/${chartname}/helm-security.md
- helm template ${chart} --output-dir ${chart}/render || echo "Helm template failed..."
 trivy config -f template --template "@./templates/trivy-config.tpl" ${chart}/render >> website/docs/charts/${train}/${chartname}/helm-security.md || echo "trivy scan failed..."
- rm -rf ${chart}/render
 }
 container_sec_scan() {
 local chart="$1"
 local chartname="$2"
 local train="$3"
 echo "Scanning container security for ${chartname}"
+ mkdir -p ${chart}/render
 echo "# Container Security" >> website/docs/charts/${train}/${chartname}/container-security.md
 echo "" >> website/docs/charts/${train}/${chartname}/container-security.md
 echo "##### Detected Containers" >> website/docs/charts/${train}/${chartname}/container-security.md
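Review bot: In the new `render()` the `|| echo "Helm template failed..."` turns a render failure into a success status, and because `mkdir -p ${chart}/render` has already created the directory, the later `trivy config ... ${chart}/render` in helm_sec_scan scans an empty directory and publishes an empty, apparently clean scan result for a chart that never rendered. Consider surfacing the failure instead, e.g. `helm template "${chart}" --output-dir "${chart}/render" || { echo "Helm template failed for ${chartname}" >&2; return 1; }`, and have the calling loop skip the scans when render returns non-zero. The `train` parameter is accepted but unused in render(). The `${chart}` expansions are unquoted; `${chart}` is built from `ls` output, so a chart directory name containing whitespace would be split.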
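Review bot: The added `mkdir -p ${chart}/render` in container_sec_scan() is redundant now that render() creates the same directory before helm_sec_scan runs and the `rm -rf` of it has been moved out of helm_sec_scan, so the directory already exists at this point; either drop the line or quote it as `mkdir -p "${chart}/render"` to match the quoting the rest of the path handling should have. container_sec_scan's body continues past the end of this hunk.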
@@ -89,23 +96,25 @@ jobs: ghcrcont=$(echo ${container} | sed "s/tccr.io/ghcr.io/g") trivy image -f template --template "@./templates/trivy-container.tpl" ${ghcrcont} >> website/docs/charts/${train}/${chartname}/container-security.md echo "" >> website/docs/charts/${train}/${chartname}/container-security.md - done + done } cleanfiles() { local chart="$1" local chartname="$2" local train="$3" echo "sanitising website output for ${chartname}..." + rm -rf ${chart}/render sed -i 's|
|
|g' website/docs/charts/${train}/${chartname}/helm-security.md - #sed -i 's|
|
|g' website/docs/charts/${train}/${chartname}/container_sec_scan.md + sed -i 's|
|
|g' website/docs/charts/${train}/${chartname}/container_sec_scan.md sed -i 's|
|
|g' website/docs/charts/${train}/${chartname}/helm-security.md - #sed -i 's|
|
|g' website/docs/charts/${train}/${chartname}/container_sec_scan.md + sed -i 's|
|
|g' website/docs/charts/${train}/${chartname}/container_sec_scan.md } for train in enterprise stable incubator dependency; do echo "Processing Charts for Train: ${train}..." for chart in $(ls "charts/${train}"); do + render "charts/${train}/${chart}" ${chart} ${train} helm_sec_scan "charts/${train}/${chart}" ${chart} ${train} - # container_sec_scan "charts/${train}/${chart}" ${chart} ${train} + container_sec_scan "charts/${train}/${chart}" ${chart} ${train} cleanfiles "charts/${train}/${chart}" ${chart} ${train} done done
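Review bot: The two re-enabled `sed -i` lines in cleanfiles() target `container_sec_scan.md`, but container_sec_scan() writes its report to `website/docs/charts/${train}/${chartname}/container-security.md` (visible in the previous hunk's context), so `sed -i` fails on a nonexistent file and the container report is published unsanitised; change the filename in both lines to `container-security.md`. The added `rm -rf ${chart}/render` is unquoted and `${chart}` comes from `ls` output, so quote and guard it: `rm -rf -- "${chart:?}/render"`. The new `render "charts/${train}/${chart}" ${chart} ${train}` and the re-enabled `container_sec_scan` call pass `${chart} ${train}` unquoted like the neighbouring calls; `"${chart}" "${train}"` would be safer. The sed pattern and replacement text is not legible in this rendering of the patch, so I cannot check what the substitutions do.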